Attention, lockdown DIY fans: UK hardware flinger Robert Dyas had credit card data and more skimmed from website

British hardware chain Robert Dyas' website has been hit by credit-card stealing malware that siphoned off customers' payment details including the long card number, expiry date and security (CVV) code. Between 7 and 30 March a card skimmer was present on Robert Dyas' payment processing page, the chain admitted in an email …

  1. Woodnag

    Hmm

    "We became aware on 30 March 2020 that malicious software (malware) had been uploaded on to our ecommerce website by an external third party, which was immediately blocked by our IT Security team"

    malware... uploaded... immediately blocked. Sounds good, until you read more carefully.

    1. DRue2514

      Re: Hmm

      "We became aware". Sounds like they didn't detect this themselves either.

  2. Anonymous Coward

    Credit Card Skimmers

    If you would like to see what a typical card skimmer looks like, check out the webpage source of:

    https://www.antiquesilverspoons[.]co[.]uk/

    (starting at line 1098)

    This site has been infected for a long time and they don't respond to email.

    I believe the C&C of the skimmer is also sinkholed by a well-known security outfit to render it somewhat benign.

  3. Captain Scarlet

    Well balls

    Ordered twice from Robert Dyas in March, where is my bloody we care about you email as I haven't had one yet!

    1. Oh Matron!

      Re: Well balls

      Haven't had the opportunity / misfortune to order from them online, but I find Dyas to be one of the more useful shops on the high street (I don't drive).

      1. Captain Scarlet

        Re: Well balls

        The courier lost one box as well, filled out the bloody form for a missing item and the courier then found it and had the cheek to moan at me saying why did I reject one box (I didn't, you didn't bloody load it on the van!).

  4. Neil Barnes

    'Skimmer' and 'CCV' = a website vuln, not backend?

    I'm just seeking education here. The difference would be whether over the counter sales / card payments are affected.

    1. mj.jam

      Re: 'Skimmer' and 'CCV' = a website vuln, not backend?

      Yes, a skimmer means somebody got something into their website that reported your details to them (as well as to Robert Dyas). Similar to a skimmer over the slot of a cash machine which reads your cards as they are used. Doesn't stop the data being used for the original purpose, but separately reads it.

      Typically CCV numbers are not stored by people, so if they are exposed then that would show either they have stored them in their DB (which is very naughty) or that somebody skimmed them on the way.

  5. Mike 137

    "As soon as we became aware..."

    "As soon as we became aware of the presence of malicious software ... we took immediate action to remove it."

    Meaning: "it took us three weeks to detect this".

    Why?

    Elementary: nobody was looking. Nobody ever seems to these days. In many organisations I've consulted with, logs are gathered, but only inspected after a breach has been detected by other means (usually either pure chance or some journo pointing it out in public).

  6. Bonegang

    there are tools...

    ...to detect this kind of thing pretty much immediately.

    Scanning the pages on an hourly/daily basis and notifying on diffs is an established method.

    Why does it seem too expensive until the moment they are compromised...?
